MGT512: Security Leadership Essentials For Managers

This course is highly useful for giving me a sound baseline of technical and general skills to help me manage an effective team.

Richard Ward, REA Group

The blending of management and technologies in a course is challenging. SANS course writers and instructors provide timely information to their students.

James Lamadrid, Federal Government

Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics.

This course empowers you to become an effective security manager and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to manage security.

To accomplish this goal, MGT512 covers a wide range of security topics across the entire security stack. Data, network, host, application, and user controls are covered in conjunction with key management topics that address the overall security lifecycle. This also includes governance and technical controls focused on protecting, detecting, and responding to security issues.

This approach prepares you to:

Make sense of different cybersecurity frameworks

Understand and analyze risk

Understand the pros and cons of different reporting relationships

Manage technical personnel

Build a vulnerability management program

Inject security into modern DevOps workflows

Strategically leverage a SIEM

Change behavior and build a security-aware culture

Effectively manage security projects

Enable modern security architectures and the cloud

MGT512 uses case studies, group discussions, team-based exercises, and in-class games to help students absorb both technical and management topics.

Please note that some course material for SEC401 and MGT512 may overlap. We recommend SEC401 for those interested in a more technical course of study, and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

This course prepares you for the GSLC certification, which meets the requirement of the DoD 8570 IAM Level 1, 2, 3.

Course Syllabus

MGT512.1: Building Your Program

Overview

The course starts with a tour of the information and topics that effective security managers and leaders must know to function in the modern security environment. This includes an understanding of the different types of cybersecurity frameworks available to structure your security team and program. Risk is central to effective information security management, and key risk concepts are discussed to lay the foundation for effective risk assessment and management. Security policy is a key tool that security managers use to manage risk. We'll cover approaches to policy to help you plan and manage your policy process. Finally, security functions, reporting relationships, and roles and responsibilities are discussed to give the advancing manager a view into effective security team and program structure.

CPE/CMU Credits: 6

Topics

Security Frameworks

Control, Program, and Risk Frameworks

Understanding Risk

Risk Concepts

Calibration

Risk Assessment and Management

Security Policy

Purpose of Policy

Risk Appetite Statement

Policy Planning

Managing Policy

Program Structure

Security Functions

Reporting Relationships

Three Lines of Defense

Roles and Responsibilities

MGT512.2: Protecting Data and Networks

Overview

Day 2 provides foundational knowledge to protect data and networks. This includes building an understanding of cryptography concepts, encryption algorithms, and applications of cryptography. Since encrypting data alone is not sufficient, the distinction between privacy and security is discussed to give managers a primer on key privacy concepts. Finally, a thorough discussion of network security is modeled around the various layers of the network stack. This allows managers to gain a deeper understanding of what their teams are talking about, what vendors are selling, and where various issues and protections lie within the seven layers of the network model.

CPE/CMU Credits: 6

Topics

Data Protection

Cryptography Concepts

Encryption Algorithms

Encryption Applications

Privacy Primer

Privacy and Security

Network Security

Layer 1 and 2: Overview and Attacks

Layer 3

VPNs and IPSec

IPv6 Considerations

Layer 4: TCP and UDP

Application Layer

Proxies, NGFW, IDS, NSM

MGT512.3: Protecting and Patching Systems

Overview

Day 3 is focused on protecting and patching systems. This includes coverage of host security that encompasses endpoint and server security along with malware and attack examples. Modern infrastructure as code approaches and tools are also discussed as ways to automate consistent deployment of standard configurations. Managers must also be knowledgeable about software development processes, issues, and application vulnerabilities. Coverage includes an overview of the secure SDLC, OWASP Top Ten, and leading-edge development processes built on DevOps. Managers must also understand physical security controls that, when not implemented appropriately, can cause technical security controls to fail or be bypassed. All of these issues and corresponding vulnerabilities must be appropriately managed. This leads to a discussion on building a vulnerability management program and the associated process for successfully finding and fixing vulnerabilities.

CPE/CMU Credits: 6

Topics

Host Security

Endpoint Security

Server Security

Malware and Attack Examples

Infrastructure as Code

Application Security

Secure SDLC

OWASP Top Ten

Secure DevOps

Physical Security

Issues and Controls

Vulnerability Management

PIACT Process

Vulnerability Overview

Finding and Fixing Vulnerabilities

Communicating and Managing Vulnerabilities

MGT512.4: Leading Modern Security Initiatives

Overview

Day 4 covers what managers need to know about leading modern security initiatives. Security awareness is a huge component of any security program that is focused on driving activities that lead to changes in human behavior and creating a more risk-aware and security-aware culture. For any project or initiative, security leaders must also be able to drive effective project execution. Having a well-grounded understanding of the project management process makes it easier to move these projects forward. The cloud is a major initiative that many organizations are either tackling now or planning to undertake. To get ready for these initiatives, an overview of Amazon Web Services (AWS) is provided to serve as a reference, along with a discussion of key cloud security issues based on the Cloud Security Alliance guidance. The cloud, the rise of mobile devices, and other factors are highlighting weaknesses in traditional, perimeter-oriented security architectures. This leads to a discussion of the Zero Trust Model. To execute such new initiatives, security leaders must also develop negotiation skills and the ability to manage highly technical team members.

CPE/CMU Credits: 6

Topics

Security Awareness

Maturity Model

Human Risks

Project Management

Projects, Programs, Portfolios

Project Management Process

Cloud Security

Cloud Security Alliance (CSA) Guidance

Amazon Web Services (AWS) Overview

Moving to the Cloud

Modern Security Architecture

Zero Trust Model

User, Device, and Application Authentication and Access

Management Methods

Negotiations Primer

Managing Technical People

MGT512.5: Detecting and Responding to Attacks

Overview

Day 5 is focused on detection and response capabilities. This includes gaining appropriate visibility via logging, monitoring, and thinking strategically about a security information and event management (SIEM) system. These logs are a core component of any Security Operations Center (SOC). The key functions of a SOC are discussed along with how to design, build, operate, and mature security operations for your organization. The incident response process is discussed in relation to identifying, containing, eradicating, and recovering from security incidents. This leads into a discussion of longer-term disaster recovery and business continuity planning. Finally, the course ends with a war game that simulates an actual incident. This tabletop simulation contains a number of injects or points at which students are presented with additional information to which they can respond. After dealing with the incident itself, the simulation concludes with a game focused on choosing appropriate security controls to mitigate future incidents.

CPE/CMU Credits: 6

Topics

Logging and Monitoring

SIEM Goals

Security Operations Center (SOC)

SOC Essential Functions

Design, Build, Operate, and Mature

Governance Structure

Technical Components

Incident Response

PICERL Process

Staffing Considerations

Contingency Planning

Disaster Recovery

Business Continuity Planning

War Game

Tabletop Simulation

Additional Information

Laptop Required

You must bring a computing device (laptop or tablet) with the latest version of Microsoft Excel. This will be used for the exercise on the last day of class.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Who Should Attend

Security Managers

Newly appointed information security officers

Recently promoted security leaders who want to build a security foundation for leading and building teams

Security Professionals

Technically skilled security administrators who have recently been given leadership responsibilities

Managers

Managers who want to understand what technical people are telling them

Managers who need an understanding of security from a management perspective

Prerequisites

This course covers the core areas of security leadership and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field with no background knowledge, the recommended starting point is the SEC301: Intro to Information Security course. While SEC301 is not a prerequisite, it will provide the introductory knowledge that will help maximize the experience with MGT512.

What You Will Receive

Student books containing the entire course content

MP3 audio files of the complete course lecture

Press & Reviews

"SANS MGT512 course has been instrumental in bridging the gaps in my knowledge & has prepared me to take on bigger responsibilities." - Mir Shajee, Accenture

"Was able to merge management skills and technical materials in one simple format." - Abdulaziz Al-Sultan, Saudi Electric Company

Author Statement

"I have found that technical professionals who are taking on management responsibility need to learn how to convey security concepts in ways that non-technical people can understand. At the same time, managers who are new to security need to learn more about the different domains of cybersecurity. In both cases, there is a need to learn about the work of managing security. That is why this course focuses on the big picture of securing the enterprise, from governance all the way to the technical security topics that serve as the foundation for any security manager. Ultimately, the goal of the course is to ensure that you, the advancing manager, can make informed choices to improve security at your organization."